mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00

Respect subdirectory in authenticate middleware

Michael Bradshaw 2014-02-19 15:53:40 -07:00
parent f273e17e08
commit b410f5833b
2 changed files with 11 additions and 10 deletions


@ -272,8 +272,8 @@ module.exports = function (server, dbHash) {
// ### Caching
expressServer.use(middleware.cacheControl('public'));
expressServer.use('/api/', middleware.cacheControl('private'));
expressServer.use('/ghost/', middleware.cacheControl('private'));
expressServer.use(subdir + '/api/', middleware.cacheControl('private'));
expressServer.use(subdir + '/ghost/', middleware.cacheControl('private'));
// enable authentication; has to be done before CSRF handling
expressServer.use(middleware.authenticate);
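Review bot: The `'private'` Cache-Control override for the admin and API routes now depends on `subdir` producing exactly the right mount prefix, and `subdir` is defined outside this hunk. If it is ever undefined or ends with a slash, `subdir + '/ghost/'` will presumably match no request, and admin responses would then keep the `cacheControl('public')` default set two lines earlier. I would document the expected shape next to these lines, e.g. `// subdir is '' or '/path' with no trailing slash; a mismatch leaves admin/API responses with the public Cache-Control above`. Note also that `middleware.authenticate` reads `config().paths.subdir` rather than this local, so the two should be confirmed to come from the same value.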


@ -29,17 +29,17 @@ var middleware = {
// exceptions for signin, signout, signup, forgotten, reset only
// api and frontend use different authentication mechanisms atm
authenticate: function (req, res, next) {
if (res.isAdmin) {
if (req.path.indexOf("/ghost/api/") === 0) {
return middleware.authAPI(req, res, next);
}
var noAuthNeeded = [
var subPath = req.path.substring(config().paths.subdir.length),
noAuthNeeded = [
'/ghost/signin/', '/ghost/signout/', '/ghost/signup/',
'/ghost/forgotten/', '/ghost/reset/'
];
if (res.isAdmin) {
if (subPath.indexOf('/ghost/api/') === 0) {
return middleware.authAPI(req, res, next);
}
if (noAuthNeeded.indexOf(req.path) < 0) {
if (noAuthNeeded.indexOf(subPath) < 0) {
return middleware.auth(req, res, next);
}
}
@ -51,7 +51,8 @@ var middleware = {
// We strip /ghost/ out of the redirect parameter for neatness
auth: function (req, res, next) {
if (!req.session.user) {
var reqPath = req.path.replace(/^\/ghost\/?/gi, ''),
var subPath = req.path.substring(config().paths.subdir.length),
reqPath = subPath.replace(/^\/ghost\/?/gi, ''),
redirect = '',
msg;
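Review bot: `req.path.substring(config().paths.subdir.length)` in `authenticate` drops the first N characters without checking that the path begins with the configured subdirectory, so any path with a prefix of the same length is compared against `noAuthNeeded` as if it sat under the blog root. Whether such a request can reach the no-auth branch depends on how `res.isAdmin` is set, which is outside this hunk, but an authentication exemption list should not rest on that. Strip only a verified prefix, e.g. `var subdir = config().paths.subdir, subPath = req.path.indexOf(subdir) === 0 ? req.path.substring(subdir.length) : req.path;`. `auth` in the following hunk repeats the same expression before building the redirect, and its body continues past the visible lines, so one shared helper would keep the two in step.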